Re: Remaining open issues for RFC-2401bis



At 11:56 AM +0200 3/26/04, Tero Kivinen wrote:
>Stephen Kent writes:
>>  I can't comment on what most vendors do in the
>>  shared secret case for IPsec implementations. I
>>  just cited my bad experience in a different but
>>  equivalent context, and it was not good.
>
>All of my bad experiences are because someone thought to be user
>friendly and only created text input box where the password can be
>written. It is extremely hard (or impossible) to write binary key
>0x44f7ba0052dc29b4812d2e9b165b410d to that box, thus that laptop user
>who has only text input box will not be able to use system at all.
>Most of those who provided the hex-input also provided a way to type
>the key in as string.
>
>Thus, saying it is binary string, and you MUST offer way to put in any
>binary string (up to certain length) works better, as it will always
>offer interoperability (I agree it might not be that user friendly,
>but that is something that the vendor can fix if they feel like making
>it user friendly).

And my bad experience is that while I could create and remember a key 
in the form of a pass phrase character string, I had to write down 
the hex key I created and very carefully, manually enter it into each 
system, which was error prone (despite my care), frustrating, and a 
very poor use of my time.

I fear that you bring an implementer perspective to the problem, and 
I bring a user perspective, and it is unfortunate that the two don't 
overlap better :-)

Steve
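
Added example, not part of the original message or of any IPsec implementation: a key-entry routine that treats the shared secret as an octet string and offers both a text and a hex way to enter it, so a passphrase typed on one peer can be entered as hex on another. The names `parse_psk`, `as_hex_entry`, `mode` and the 64-octet limit are assumptions made for illustration.

```python
MAX_PSK_LEN = 64  # assumed limit; the thread only says "up to certain length"


def parse_psk(entry: str, mode: str, max_len: int = MAX_PSK_LEN) -> bytes:
    """Turn operator input into the octet string used as the shared secret.

    The mode is chosen explicitly rather than guessed from a "0x" prefix,
    because a passphrase may legitimately begin with those characters.
    """
    if mode == "text":
        # Text is only a convenient way to type the octets: nothing is
        # trimmed, case-folded or NUL-terminated.
        key = entry.encode("utf-8")
    elif mode == "hex":
        digits = entry.strip()
        if digits[:2].lower() == "0x":
            digits = digits[2:]
        # Tolerate the grouping characters people add when copying by hand.
        digits = "".join(ch for ch in digits if ch not in " :-")
        if len(digits) % 2:
            raise ValueError("odd number of hex digits (dropped or extra digit?)")
        try:
            key = bytes.fromhex(digits)
        except ValueError:
            raise ValueError("entry contains a non-hex character") from None
    else:
        raise ValueError("mode must be 'text' or 'hex'")
    if not 0 < len(key) <= max_len:
        raise ValueError(f"key must be 1..{max_len} octets, got {len(key)}")
    return key


def as_hex_entry(key: bytes) -> str:
    """Render any key, including one typed as text, for a hex-only peer."""
    return "0x" + key.hex()


if __name__ == "__main__":
    # The binary key quoted in the message: 16 octets, one of them 0x00,
    # which is why it cannot be typed into a text-only box.
    binary_key = parse_psk("0x44f7ba0052dc29b4812d2e9b165b410d", "hex")
    print(len(binary_key), 0 in binary_key)
    # A constructed passphrase, and the hex form to enter on the other peer.
    phrase_key = parse_psk("correct horse", "text")
    print(as_hex_entry(phrase_key))
```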